bind 9.4.1: bug or feature?

Mark Andrews Mark_Andrews at isc.org
Tue Jul 24 21:01:58 UTC 2007


> This isn't so much a bug as just a weird consequence of how things work.
> 
> In your initial attempt, when you ask your server for  
> something.xyz.local, here's what happens:
> 
> - Examine local authoritative data.
> - Find an authoritative zone for a domain that covers the request.  
> There is no answer in the zone, nor any delegation.
> - Return a negative answer.
> 
> The forward zone is not even considered. Now, with your second  
> attempt (the solution that inexplicably works):
> 
> - Examine local authoritative data.
> - Find an authoritative zone for a domain that covers the request.  
> There is an intervening delegation, so turn operation over to  
> resolver logic.
> - Examine resolver rules, including root hints, stub zones, forward  
> zones, global forwarding, etc.
> - Find forward zone. Rather than following delegation and doing  
> recursion, forward to specified server.
> 
> If you wanted to, you could achieve nearly the same effect without  
> the forward zone as follows:
> 
> xyz	NS	ns1.xyz
> 	NS	ns2.xyz
> ns1.xyz	A	1.2.3.4
> ns2.xyz	A	5.6.7.8
> 
> The differences would be:
> 
> - You would have to maintain the addresses of the other servers in  
> the zone data rather than in named.conf.
> - Rather than sending a recursive query to the other servers, your  
> server would send iterative queries.
> 
> Chris Buxton
> Men & Mice

	It's also how the DNS was designed to be used.

	Forward zones should be the exception not the rule.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
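
Added example, not part of the original message and not BIND's code: a simplified Python model of the lookup order the quoted explanation describes, showing why the forward zone is only reached once the authoritative zone contains a delegation. The function `resolve`, its data layout, and the sample zones are hypothetical and constructed for illustration; the forwarder addresses reuse the sample addresses from the thread.

```python
# Simplified model of the lookup order described in the thread (not BIND's code).

def labels(name):
    return name.rstrip(".").lower().split(".")

def covers(zone, name):
    """True if name is at or below zone."""
    z, n = labels(zone), labels(name)
    return len(n) >= len(z) and n[-len(z):] == z

def longest(zones, qname):
    """Most specific configured zone that covers qname, or None."""
    hits = [z for z in zones if covers(z, qname)]
    return max(hits, key=lambda z: len(labels(z))) if hits else None

def resolve(qname, auth_zones, forward_zones):
    """auth_zones: {origin: {owner: {rrtypes}}}; forward_zones: {name: [servers]}."""
    q = labels(qname)
    origin = longest(auth_zones, qname)
    if origin is not None:
        zone = auth_zones[origin]
        depth = len(q) - len(labels(origin))
        # Walk from just below the apex down to qname looking for a zone cut.
        # NS records at the apex itself are not a delegation.
        for i in range(depth - 1, -1, -1):
            if "NS" in zone.get(".".join(q[i:]), ()):
                break  # delegation found: hand over to resolver logic
        else:
            # No delegation: the answer is authoritative and final.
            found = ".".join(q) in zone
            return ("authoritative", "answer" if found else "negative")
    # Resolver logic: a matching forward zone wins over following delegations.
    fwd = longest(forward_zones, qname)
    if fwd is not None:
        return ("forward", forward_zones[fwd])
    return ("iterate", None)  # follow the NS records with iterative queries

# Constructed sample data.
FORWARD = {"xyz.local": ["1.2.3.4", "5.6.7.8"]}
WITHOUT_CUT = {"local": {"local": {"SOA", "NS"}}}
WITH_CUT = {"local": {"local": {"SOA", "NS"}, "xyz.local": {"NS"}}}

if __name__ == "__main__":
    for zones in (WITHOUT_CUT, WITH_CUT):
        print(resolve("something.xyz.local", zones, FORWARD))
```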


